Vulnerability in Oracle FLEXCUBE Direct Banking Product from Oracle
CVE-2019-2980

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Direct Banking
Vendor: CVE Published:; 16 October 2019

What is CVE-2019-2980?

A vulnerability exists in the Oracle FLEXCUBE Direct Banking product, specifically in its email component, that allows low-privileged attackers with network access via HTTP to compromise the system. Attackers can exploit this vulnerability to gain unauthorized access to sensitive data, potentially leading to a complete breach of all data accessible through Oracle FLEXCUBE Direct Banking. This flaw underscores the importance of securing network communications and access controls within financial applications.

Affected Version(s)

FLEXCUBE Direct Banking 12.0.2

FLEXCUBE Direct Banking 12.0.3

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018